[MySqli扩展]①③--评论系统、表单输入过滤


http://img.mukewang.com/down/55fa763b0001745800000000.rar

index.php





    
    Document
    


慕课网评论系统

output(); // } ?>
![](img/1.jpg) ![](img/2.jpg) ![](img/3.jpg) ![](img/4.jpg) ![](img/5.jpg)

doAction.php


connect.php

errno) {
    die('CONNECT ERROR ' . $mysqli->error);
} else {
    $mysqli->set_charset('UTF8');
}

cpmment.class.php

data = $data;
    }

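    /**
     * Validate the comment form fields submitted via POST.
     *
     * Every field is read with filter_input() and the filtered value is kept,
     * so on success $arr contains only data that passed its filter.
     *
     * Rules: email must be a valid address; url is optional and falls back to
     * an empty string; content and username go through Comment::validate_str;
     * face must be an integer from 1 to 5.
     *
     * @param array|null $arr Output parameter. On success it receives the
     *                        filtered fields, on failure the error messages
     *                        keyed by field name.
     * @return bool true when all required fields are valid, false otherwise
     */
    public static function validate(&$arr)
    {
        $errors = array();
        $data = array();
        // filter_input() yields null for a missing field and false for a
        // rejected one; '' means nothing usable is left after filtering.
        // Strict comparison keeps a legitimate value such as "0" valid.
        $rejected = array(null, false, '');

        $data['email'] = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
        if (in_array($data['email'], $rejected, true)) {
            $errors['email'] = '请输入合法邮箱';
        }

        // The URL is optional, so an invalid value is dropped instead of
        // producing an error.
        // NOTE(review): FILTER_VALIDATE_URL does not restrict the scheme. If
        // this value is later rendered as a link, allow only http/https -
        // confirm how the output code uses it.
        $data['url'] = filter_input(INPUT_POST, 'url', FILTER_VALIDATE_URL);
        if (in_array($data['url'], $rejected, true)) {
            $data['url'] = '';
        }

        $data['content'] = filter_input(
            INPUT_POST,
            'content',
            FILTER_CALLBACK,
            array('options' => 'Comment::validate_str')
        );
        if (in_array($data['content'], $rejected, true)) {
            $errors['content'] = "请输入合法内容";
        }

        $data['username'] = filter_input(
            INPUT_POST,
            'username',
            FILTER_CALLBACK,
            array('options' => 'Comment::validate_str')
        );
        if (in_array($data['username'], $rejected, true)) {
            $errors['username'] = "请输入合法用户名";
        }

        // The range limits must sit under the 'options' key; passed at the
        // top level of the array they are ignored and any integer is accepted.
        $data['face'] = filter_input(
            INPUT_POST,
            'face',
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1, 'max_range' => 5))
        );
        if (in_array($data['face'], $rejected, true)) {
            $errors['face'] = "请输入合法头像";
        }

        if (!empty($errors)) {
            $arr = $errors;
            return false;
        }

        // Normalise the address so the same mailbox is always stored the same way.
        $data['email'] = strtolower(trim($data['email']));
        $arr = $data;
        return true;
    }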

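    /**
     * Reject empty text and HTML-encode the rest for display.
     *
     * The result is HTML, not plain text: &, <, > and both quote characters
     * are turned into entities, and every line break gets a <br /> tag.
     * This encoding only protects the HTML output context. It is not SQL
     * escaping; whatever code stores the value should still use a prepared
     * statement with bound parameters.
     *
     * @param string $str Raw text supplied by the user.
     * @return bool|string false when the text is empty or not valid UTF-8,
     *                     otherwise the encoded string
     */
    public static function validate_str($str)
    {
        if (mb_strlen($str, 'UTF8') < 1) {
            return false;
        }

        // The charset is given explicitly so the encoding does not depend on
        // the default_charset ini setting. ENT_QUOTES also encodes single
        // quotes, which matters when the value lands inside an attribute.
        $encoded = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');

        // htmlspecialchars() returns '' for input that is not valid UTF-8;
        // report that as a failure instead of handing back an empty string.
        if ($encoded === '') {
            return false;
        }

        // nl2br() inserts a <br /> tag before each line break.
        return nl2br($encoded);
    }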
}
